Lucene search
K

282 matches found

CNNVD
CNNVD
added 2020/11/19 12:0 a.m.8 views

Rclone Security Feature Issue Vulnerability

Rclone is a software from the Rclone team that synchronizes data asynchronously from cloud storage. The software supports Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files and other cloud storage. A security vulnerabilit...

7.5CVSS7.1AI score0.01336EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2020/11/17 12:0 a.m.4 views

The vulnerability of the Java framework for securing industrial applications using Spring Security, related to the use of insufficiently random values, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Java framework for securing industrial applications using Spring Security is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS6.6AI score0.01594EPSS
Exploits0References4Affected Software6
Positive Technologies
Positive Technologies
added 2020/11/12 12:0 a.m.5 views

PT-2021-5807

Name of the Vulnerable Software and Affected Versions Ansible Engine versions prior to 2.9.6 Description A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file...

7.8CVSS6.7AI score0.00736EPSS
Exploits2References193
OSV
OSV
added 2020/06/09 7:15 p.m.3 views

CVE-2020-11957

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number Pairing Random with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with...

7.5CVSS7.1AI score0.00394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.7 views

PT-2020-19335 · Elastic · Cloud On Kubernetes

Name of the Vulnerable Software and Affected Versions: Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 Description: The issue concerns a weak random number generator used to generate passwords in Elastic Cloud on Kubernetes ECK. This weakness can be exploited if an attacker determines whe...

7.5CVSS7.4AI score0.01439EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2020/01/30 9:15 p.m.15 views

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

7.5CVSS7.1AI score0.02257EPSS
Exploits0References1
OSV
OSV
added 2020/01/30 9:15 p.m.4 views

UBUNTU-CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

7.5CVSS7.2AI score0.02257EPSS
Exploits0References2
OSV
OSV
added 2020/01/28 4:15 p.m.1 views

DEBIAN-CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9CVSS5.3AI score0.02833EPSS
Exploits0References1
PyPA
PyPA
added 2020/01/28 4:15 p.m.7 views

PYSEC-2020-211

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9CVSS6.5AI score0.02833EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2020/01/27 7:15 p.m.4 views

CVE-2018-19441

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secretkey values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...

4.7CVSS5.8AI score0.00296EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/01/20 12:0 a.m.5 views

The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values, which allows attackers to disclose protected information.

The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...

7.5CVSS7.2AI score0.00972EPSS
Exploits0References3
OSV
OSV
added 2019/11/08 6:15 p.m.4 views

CVE-2019-16205

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal...

8.8CVSS7.3AI score0.01293EPSS
Exploits0References1
Broadcom
Broadcom
added 2019/10/28 12:0 a.m.8 views

BSA-2019-864

Security Advisory ID : BSA-2019-864 Component : SANnav portal Revision : 1.0 A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication...

8.8CVSS6.8AI score0.01293EPSS
Exploits0
PyPA
PyPA
added 2019/08/09 3:15 p.m.10 views

PYSEC-2019-140

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5CVSS7AI score0.02288EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.4 views

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the use of insufficiently random values, allows a intruder to intercept TCP connections.

The vulnerability of the microprogrammed programmable logic controller Modicon is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to intercept TCP connections remotely...

7.5CVSS5.4AI score0.0193EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/03/23 12:0 a.m.3 views

UBUNTU-CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an osrandom function call...

7.5CVSS7.1AI score0.02352EPSS
Exploits0References3
OSV
OSV
added 2018/07/30 2:29 p.m.3 views

CVE-2018-13280

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...

5.9CVSS5.8AI score0.00634EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/07/30 2:29 p.m.3 views

CVE-2018-13280

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...

7.4CVSS5.5AI score0.00634EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/07/30 12:0 a.m.6 views

PT-2018-11723 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2-23739 Description: The issue is related to the use of insufficiently random values in the SYNO.Encryption.GenRandomKey function, allowing man-in-the-middle attackers to compromise non-HTT...

7.4CVSS7.1AI score0.00634EPSS
Exploits0References3
Drupal
Drupal
added 2018/06/27 12:0 a.m.13 views

Generate Password - Less critical - Insecure Randomness - SA-CONTRIB-2018-042

The Genpass module makes the password field optional or hidden on the add new user page admin & registration. If the password field is not set during registration, the system generates a password. The module doesn't use a strong source of randomness, creating weak and predictable passwords. This...

6.6AI score
Exploits0References7
Rows per page
Query Builder